CN117441320A - Data access control method and device - Google Patents

Publication number
CN117441320A
Authority
CN
China
Legal status
Pending
Application number
CN202180098785.9A
Other languages
Chinese (zh)
Inventor
耿峰
李江琪
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Abstract

The embodiments of this application provide a data access control method and device, applied to the fields of communication technology and the Internet of Vehicles. The method includes: a vehicle receives a setting instruction, where the setting instruction is a setting instruction for a first interface, the first interface is used to indicate a first service, and the first interface corresponds to attribute information; the vehicle configures attribute information of first data according to the attribute information corresponding to the first interface, where the attribute information of the first data is used to determine the access rights of the first data, and the first data is included in the data corresponding to the first service. The embodiments of this application perform access control on data reasonably and effectively and improve the efficiency of data access control.

Description

Data access control method and device
Technical Field
The application relates to the technical field of internet of vehicles and communication, in particular to a data access control method and device.
Background
With the rapid development of information and communications technology (ICT), the scale of personal data flows is also increasing. Meanwhile, with the rapid development of intelligent transportation devices (such as vehicles), personal data (such as that of drivers driving the vehicles) is easily leaked.
To reduce the adverse effects of personal data leakage on drivers as far as possible, the problem of how to control access to vehicle data needs to be solved.
Disclosure of Invention
The embodiment of the application provides a data access control method and device, which can reasonably and effectively control access to data and increase the security of the data.
In a first aspect, an embodiment of the present application provides a data access control method, where the method includes:
receiving a setting instruction, where the setting instruction is a setting instruction for a first interface, the first interface is used to indicate a first service, and the first interface corresponds to attribute information; and configuring attribute information of first data according to the attribute information corresponding to the first interface, where the attribute information of the first data is used to determine the access rights of the first data, and the first data is included in the data corresponding to the first service.
In the embodiment of the application, the configuration of the attribute information of the first data can be completed by combining the corresponding relation between the first service and the first data and the attribute information corresponding to the first interface, so that the efficiency of controlling the access of the data is effectively improved. In addition, when the first data needs to be accessed, the data access control device can determine the access authority of the first data according to the attribute information of the first data, so that the aim of effectively protecting the data is fulfilled.
Optionally, the setting instruction is for indicating whether access to the first service is allowed. Optionally, configuring attribute information of the first data according to attribute information corresponding to the first interface includes: and configuring the attribute information of the first data according to the attribute information corresponding to the first interface and the setting instruction. It may be understood that the data shown in the embodiments of the present application may also be referred to as a data source, etc., and the specific names of the data are not limited in the embodiments of the present application.
In one possible implementation, the method further includes: acquiring configuration information, wherein the configuration information comprises a corresponding relation between the first service and the first data;
the configuring the attribute information of the first data according to the attribute information corresponding to the first interface includes:
and configuring the attribute information of the first data according to the attribute information corresponding to the first interface and the configuration information.
In the embodiments of this application, the configuration information may be used to represent the correspondence between services and data. Optionally, the configuration information is used to indicate the correspondence between services and sub-services, and the correspondence between sub-services and data. By hierarchically decoupling the correspondences among services, sub-services and data, a fine-grained in-vehicle personal data access policy can be implemented, and the efficiency of data access control is improved.
In a possible implementation manner, the first service includes a first sub-service and/or a second sub-service, and the data corresponding to the first sub-service and/or the second sub-service includes the first data.
In one possible implementation, the sub-service corresponding to the first service is different from the sub-service corresponding to the second service, or the sub-service corresponding to the first service and the sub-service corresponding to the second service are partially overlapped.
In one possible implementation, the sub-service corresponding to the first service and the sub-service corresponding to the second service differ in at least one of the following:
an image acquisition sub-service, a voice acquisition sub-service or a radar analysis sub-service.
In one possible implementation manner, the configuring attribute information of the first data according to the attribute information corresponding to the first interface includes: configuring first attribute information of the first data according to the setting instruction and the first attribute information corresponding to the first interface; or configuring the second attribute information of the first data according to the setting instruction and the second attribute information corresponding to the first interface.
For example, the setting instructions may be used to set whether to allow access to the first service. Thus, the vehicle can configure the attribute information of the first data according to whether the access to the first service is permitted or not, and the attribute information of the first service (e.g., the first interface is an interface of the first service).
In one possible implementation, the first attribute information of the first data and the second attribute information of the first data differ in at least one of the following:
identity attributes, time attributes, location attributes, run state attributes, or ambient environment attributes.
In one possible implementation, the setting instruction being a setting instruction for the first interface includes: the setting instruction is a setting instruction for the first service.
In one possible implementation, the first service includes any one or more of the following:
360 look-around service, sentinel service, autopilot service, assisted drive service, autopilot service, remote control service, navigation service, or guest mode service.
Illustratively, the 360-degree look-around services include any one or more of a first 360-degree look-around service, a second 360-degree look-around service, or a third 360-degree look-around service. The sentinel services include any one or more of a first sentinel service, a second sentinel service, or a third sentinel service. The autopilot service includes any one or more of a first autopilot service, a second autopilot service, or a third autopilot service. Illustratively, the first, second, and third 360-degree look-around services may differ in at least one of the following attributes: identity attributes, time attributes, location attributes, run state attributes, or ambient environment attributes.
In one possible implementation, the first service includes any one or more of the following: image service, sound service or text service.
In one possible implementation, the first interface is an interface for a vehicle usage scenario, where the first service is bound to the vehicle usage scenario, and the attribute information corresponding to the first interface includes the attribute information carried by the vehicle usage scenario.
In one possible implementation, the vehicle usage scenario includes any one or more of the following: the first scene, the second scene, or the third scene.
In one possible implementation, the first scene, the second scene, or the third scene has at least one of the following different properties: identity attributes, time attributes, location attributes, run state attributes, or ambient environment attributes.
In one possible implementation, the method further includes: receiving an access control request, wherein the access control request carries attribute information; and outputting data corresponding to the attribute information.
By way of example, the attribute information carried by the access control request may include any one or more of the following: an identity, such as the identity of a user who needs to access data; a time attribute, such as the time attribute of the data to be accessed; a location attribute, such as the location attribute of the data to be accessed; an operational status attribute; surrounding environment attributes, etc. Optionally, the access control request may further carry an access object, so that the vehicle can output the corresponding data according to the access object and the attribute information carried in the access control request. For example, if the access objects carried by the access control request are data 1 and data 2, the attribute information of data 1 matches the attribute information carried by the access control request, and the attribute information of data 2 does not, then the vehicle outputs only data 1 and denies access to data 2.
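The flow described above, from configuration information and a setting instruction through to an access control request, can be sketched as follows. This is an added example, not code from the patent: all service, sub-service and data names and all attribute values are constructed, and the rule that shared data keeps one grant per service (so that refusing one service does not strip data still used by another) is an assumption the page does not specify.

```python
from dataclasses import dataclass, field

# Constructed configuration information: service -> sub-services -> data.
# Every name here is hypothetical; the two services share one sub-service.
SERVICE_TO_SUBSERVICES = {
    "look_around_360": ["image_acquisition", "radar_analysis"],
    "sentinel": ["image_acquisition", "voice_acquisition"],
}
SUBSERVICE_TO_DATA = {
    "image_acquisition": ["exterior_video"],
    "radar_analysis": ["radar_points"],
    "voice_acquisition": ["cabin_audio"],
}

# Constructed attribute information attached to each service interface.
# Each attribute maps to the set of request values that may access the data.
INTERFACE_ATTRIBUTES = {
    "look_around_360": {"identity": {"owner", "driver"}, "run_state": {"parking"}},
    "sentinel": {"identity": {"owner"}, "run_state": {"locked"}},
}


def matches(constraints, request_attrs):
    """True only if every constrained attribute is present with an allowed value."""
    # An empty constraint set grants nothing (default deny).
    return bool(constraints) and all(
        request_attrs.get(name) in allowed for name, allowed in constraints.items()
    )


@dataclass
class DataAccessController:
    # data name -> {service name -> attribute constraints granted via that service}
    grants: dict = field(default_factory=dict)

    def data_for_service(self, service):
        """Resolve service -> sub-service -> data from the configuration information."""
        if service not in SERVICE_TO_SUBSERVICES:
            raise KeyError(f"unknown service interface: {service}")
        names = []
        for sub in SERVICE_TO_SUBSERVICES[service]:
            for data in SUBSERVICE_TO_DATA.get(sub, []):
                if data not in names:
                    names.append(data)
        return names

    def apply_setting(self, service, allowed):
        """Handle a setting instruction that allows or refuses one service."""
        for data in self.data_for_service(service):
            per_service = self.grants.setdefault(data, {})
            if allowed:
                per_service[service] = INTERFACE_ATTRIBUTES[service]
            else:
                # Assumption: only this service's grant is withdrawn.
                per_service.pop(service, None)

    def access(self, requested, request_attrs):
        """Return (output, refused) for an access control request."""
        output, refused = [], []
        for data in requested:
            data_grants = self.grants.get(data, {}).values()
            if any(matches(c, request_attrs) for c in data_grants):
                output.append(data)
            else:
                refused.append(data)
        return output, refused


def demo():
    """Allow both services, then refuse the sentinel service, then query."""
    ctl = DataAccessController()
    ctl.apply_setting("look_around_360", allowed=True)
    ctl.apply_setting("sentinel", allowed=True)
    ctl.apply_setting("sentinel", allowed=False)
    request = {"identity": "driver", "run_state": "parking"}
    return ctl.access(["exterior_video", "cabin_audio"], request)


if __name__ == "__main__":
    print(demo())
```

Data that was never configured, or whose request omits a constrained attribute, falls through to the refused list, which mirrors the data 1 / data 2 case above.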
In a second aspect, an embodiment of the present application provides a data access control method, where the method includes:
determining configuration information, wherein the configuration information comprises a corresponding relation between a first service and first data and attribute information of the first data, the attribute information of the first data is used for determining access rights of the first data, and the first data is contained in data corresponding to the first service; and sending the configuration information to the vehicle.
The attribute information of the first data in the embodiments of this application may be understood as follows: when the server issues the configuration information, the configuration information includes the attributes of the data corresponding to the service; alternatively, the attribute information of the data corresponding to the service that is included in the configuration information is an initial value. The server may set an initial value for the attribute information of the data, or may set it to reserved, which is not limited in the embodiments of this application. For example, the vehicle may configure a specific value or a specific assignment of the attribute information of the first data according to the setting instruction.
It is to be appreciated that the method provided in the embodiments of the present application may be applied to a data access control device, which may include an original equipment manufacturer (original equipment manufacturer, OEM) server, or a local server, or a cloud server, etc., which is not limited in the embodiments of the present application.
In the embodiment of the application, the configuration information is sent to the vehicle, so that the vehicle can perform data access control according to the configuration information, high-efficiency data access control can be realized, and data can be effectively protected.
In a possible implementation manner, the first service includes a first sub-service and/or a second sub-service, and the data corresponding to the first sub-service and/or the second sub-service includes the first data.
In one possible implementation, the sub-service corresponding to the first service is different from the sub-service corresponding to the second service, or the sub-service corresponding to the first service and the sub-service corresponding to the second service are partially overlapped.
In one possible implementation, the sub-service corresponding to the first service and the sub-service corresponding to the second service differ in at least one of the following: an image acquisition sub-service, a voice acquisition sub-service or a radar analysis sub-service.
In a third aspect, an embodiment of the present application provides a data access control apparatus, including a receiving unit and a processing unit. The data access control device is configured to implement the method described in the first aspect or any one of the possible implementation manners of the first aspect.
Optionally, the data access control device further comprises an output unit.
In a fourth aspect, an embodiment of the present application provides a data access control device, including a processing unit and a sending unit. The data access control device is configured to implement the method described in the second aspect or any one of the possible implementations of the second aspect.
In a fifth aspect, an embodiment of the present application provides a data access control device, including a processor and a memory, where the processor and the memory are connected to each other, where the memory is configured to store a computer program, the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the method of the first aspect.
Optionally, the data access control device further comprises a transceiver for receiving and/or transmitting signals (e.g. comprising data or instructions, etc.).
In a sixth aspect, an embodiment of the present application provides a data access control device, including a processor and a memory, where the processor and the memory are connected to each other, where the memory is configured to store a computer program, the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the method of the second aspect.
Optionally, the data access control device further comprises a transceiver for receiving and/or transmitting signals (e.g. comprising data or instructions, etc.).
In a seventh aspect, embodiments of the present application provide a chip system, where the chip system includes at least one processor, and the processor is configured to support implementing the functions related to the first aspect. Optionally, the chip system further comprises a communication interface.
For example, the processor may be used to control the communication interface to input setup instructions or configuration information, etc. For another example, the processor may be used to configure attribute information for the data.
In an eighth aspect, embodiments of the present application provide a chip system, where the chip system includes at least one processor, and the processor is configured to support implementing the functions related to the second aspect. Optionally, the chip system further comprises a communication interface.
For example, a processor may be used to determine configuration information. For another example, the processor may be configured to control the communication interface to output configuration information.
In a ninth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program which, when run on a computer, causes the method of the first aspect or any of the possible implementations of the first aspect to be performed.
In a tenth aspect, embodiments of the present application provide a computer readable storage medium storing a computer program which, when run on a computer, causes the method shown in the second aspect or any possible implementation manner of the second aspect to be performed.
In an eleventh aspect, embodiments of the present application provide a computer program product comprising a computer program which, when run on a computer, causes the method shown in the first aspect or any possible implementation manner of the first aspect to be performed.
In a twelfth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when run on a computer, causes the method shown in the second aspect or any possible implementation manner of the second aspect to be performed.
In a thirteenth aspect, embodiments of the present application provide a computer program which, when run on a computer, performs the method of the first aspect or any possible implementation of the first aspect.
In a fourteenth aspect, embodiments of the present application provide a computer program which, when run on a computer, performs the method of the second aspect or any possible implementation of the second aspect.
In a fifteenth aspect, embodiments of the present application provide a communication system, the communication system including a vehicle for performing the first aspect or any possible implementation of the first aspect, and a server for performing the second aspect or any possible implementation of the second aspect.
Drawings
FIGS. 1a and 1b are schematic diagrams of a communication system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a vehicle system according to an embodiment of the present application;
FIG. 3 is a flow chart of a data access control method according to an embodiment of the present application;
FIGS. 4a to 4c are schematic diagrams illustrating mapping relationships between services, sub-services and data according to embodiments of the present application;
FIGS. 5a to 5c are schematic diagrams of a configuration process provided by embodiments of the present application;
FIG. 6 is a schematic diagram of a configuration process provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of a configuration process provided by an embodiment of the present application;
FIGS. 8 to 10 are schematic structural diagrams of a data access control device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the present application will be further described with reference to the accompanying drawings.
The terms "first" and "second" and the like in the description, claims and drawings of the present application are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprising," "including," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to the listed steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly understand that the embodiments described herein may be combined with other embodiments.
In the present application, "at least one (item)" means one or more, "a plurality" means two or more, and "at least two (items)" means two or three or more. "And/or" describes an association relationship between associated objects and indicates that three kinds of relationships may exist; for example, "A and/or B" may represent: only A, only B, or both A and B, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one (item) of" or a similar expression thereof means any combination of these items. For example, at least one (item) of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c".
The data access control method can not only be applied to the field of the Internet of Vehicles but can also alleviate the problem of complex user configuration, so that users do not need to perform complex configuration, and efficient data access control is achieved without users being aware of the complex conversion from a configured policy to the policy taking effect. In addition, the method provided by the application can also effectively protect data by configuring the data.
Optionally, the method provided by the application can serve as a general method for converting the user's consent, the user's preference settings and the like into function or service access control policies and data acquisition execution policies that a domain controller, an electronic control unit (ECU) or the like can understand and execute. Optionally, the methods provided herein may cover full-flow data lifecycle management, from data function design and development at the original equipment manufacturer (OEM) design and development stage to in-vehicle data access by the user.
The system architecture of the embodiments of the present application is described below. It should be noted that, the system architecture described in the present application is for more clearly describing the technical solution of the present application, and does not constitute a limitation to the technical solution provided in the present application, and along with the evolution of the system architecture and the appearance of a new service scenario, the technical solution provided in the present application is also applicable to similar technical problems.
Fig. 1a is a schematic architecture diagram of a communication system according to an embodiment of the present application. As shown in fig. 1a, optionally, the communication system comprises: vehicle and server. Optionally, the communication system includes a vehicle and Application (APP). Optionally, the communication system includes a vehicle, a server and an APP.
For example, the server may include a cloud, which may include a cloud server and/or a cloud virtual machine. Alternatively, the server may include an OEM server, a local server, or the like. For example, the server may communicate with the vehicle to provide various services to the vehicle, such as over-the-air (OTA) services, high-definition map services, and automated driving or assisted driving services. As shown in fig. 1a, the cloud serves as a core area for data processing and can be used for interfacing with third parties, handling audits by supervisory organizations, and so on. Fig. 1a uses the cloud as an example, but the server in the embodiments of this application may also include an OEM server, a local server, or the like, which is not limited in the embodiments of this application. For example, the OEM server may send configuration information to the vehicle. The OTA upgrade server may also send configuration information to the vehicle. The configuration information and the updated configuration information may be determined by one server or by different servers, which is not limited in the embodiments of this application. For example, as shown in fig. 1b, the configuration information may be provided to the vehicle by the OEM server, and the updated configuration information may be provided to the vehicle by the OTA upgrade server. Optionally, the OTA upgrade server may also provide OTA upgrades for the vehicle, which is not limited in the embodiments of this application. For convenience of description, the method embodiments below use the example of an OEM server (e.g., an upgrade server or the cloud) sending configuration information to the vehicle to illustrate the method provided by the embodiments of this application.
Illustratively, the vehicle serves as the main data collector and is a main participant in data interaction with the cloud and other parties. For example, the data may include in-vehicle personal data, user-entered data, audio-visual data, data of the vehicle itself, and the like. As shown in fig. 1a, the vehicle may not only communicate with the cloud but also interact with other devices. For example, the other devices include traffic infrastructure, other vehicles, diagnostic devices, smart car keys, or charging posts. Thus, the data in the vehicle is diverse.
For example, the vehicle may interact with the cloud through wireless communication, which may follow the wireless protocol of the network to which the vehicle is connected, such as vehicle-to-everything (V2X, where X may represent everything) communication, or V2X over a cellular network. For example, V2X may include vehicle-to-vehicle (V2V) communication, vehicle-to-infrastructure (V2I) communication, vehicle-to-pedestrian (V2P) communication, or vehicle-to-network (V2N) communication. Examples of the cellular network include a long term evolution (LTE) wireless network and a fifth generation (5G) wireless network.
By way of example, the application may include a mobile APP. For example, the user can interact with the cloud end through the mobile phone APP, such as data transmission and the like. For example, the mobile phone APP can also be understood as an intermediary for the user to interact with the vehicle and cloud.
It will be appreciated that the communication system shown in fig. 1a is merely an example, and in a specific implementation, more or fewer devices than the system shown in fig. 1a may be included, and the embodiments of the present application are not limited in this regard.
As can be seen from the above communication system, the data in a vehicle is diverse, so obtaining user consent, setting user preferences and the like become overly complicated. With the method provided by this application, the overly complex configuration can be effectively improved and the data configuration process simplified. Optionally, as shown in fig. 1a, when different devices access data in the vehicle, the vehicle may also output the access object according to the method provided in this application.
Fig. 2 is a schematic structural diagram of a vehicle system according to an embodiment of the present application. As shown in fig. 2, the vehicle system includes a system design model analysis module, a strategy mapping module, and a user configuration analysis module. The three modules may be deployed in different physical entities or in the same physical entity, and the embodiments of this application do not limit the physical entities corresponding to the modules. For example, the modules may be deployed in a computing unit having response capabilities within the vehicle. For example, the three modules may be deployed in different in-vehicle computing nodes, respectively. For another example, the three modules may be deployed in different domain controllers (DC), respectively. For another example, the three modules may be deployed in different ECUs, respectively. For another example, one of the three modules is deployed in a domain controller, and the other two modules are deployed in an ECU. For another example, one of the three modules is deployed in an ECU, and the other two modules are deployed in a domain controller. The three modules may also be integrated into one module, which is not limited in the embodiments of this application. For example, all three modules may be included in a data analysis logic module within the vehicle. The ECU in this application may include one or more of an in-vehicle box (T-Box), a telematics control unit (TCU), a gateway, a battery management system (BMS), or a vehicle control unit (VCU), etc. that are responsible for communicating with a remote end.
The remote end here may represent a device or apparatus outside the vehicle. For example, the remote end includes one or more of a road side unit (RSU), the cloud, or a Bluetooth key.
The three modules are described in detail below.
System design model analysis module: the OEM can be docked in the whole vehicle functional design stage, and the input of the system design model analysis module can be a structured data stream modeling file (also called a modeling file) or can be understood as configuration information shown below. The data stream modeling file can be understood as an association file between the service and the data, or an association file between the service, the sub-service and the data, which are shown in the application. For example, the relationship between the service, sub-service and data may be a directed graph structure, or a tree structure, etc. It will be appreciated that reference may also be made to other embodiments of the present application for relationships between services, sub-services and data, which are not described in detail herein.
By way of example, a service may be understood as a user-oriented top-level service, such as a 360-degree look-around service, which may provide a vehicle owner with image data acquired over 360 degrees around the vehicle. A vehicle, such as a smart car, typically provides a plurality of services, such as several to tens of different services, ranging from basic experience to after-sales maintenance; they can cover various scenarios of the life cycle of the vehicle, and the coverage is relatively wide. It is understood that the service illustrated in the present application may also be understood as a characteristic, etc., and the specific name of the service is not limited in the present application. It is to be appreciated that the 360-degree look-around service illustrated herein is only an example, and that the services illustrated herein may also include a sentinel service, an autopilot service, a driver assistance service, an autopilot service, a remote control service, a navigation service, a guest mode service, and the like.
To implement one service, multiple sub-services are typically required to support it. It is understood that the sub-service shown in the present application may also be understood as a function or the like, and the specific name of the sub-service is not limited in the present application. For example, a series of functions needs to be implemented in order to achieve a characteristic. For example, the 360-degree look-around service and the sentinel service can both use the camera sensing sub-service, so that camera sensing can serve as a common sub-service function used by the two services at the same time. As another example, the navigation service may use a microphone sound acquisition sub-service, a vehicle body sensor data acquisition sub-service, and the like. In this way, different business targets are realized, and different service experiences are brought to users.
To implement a service or sub-service, manipulation of data streams or data is typically involved. Operations on data include data reading and data writing: when data flows in a system (such as the system corresponding to a vehicle), a function that needs to read reads data from the data flow, and a function that needs to write writes a value into the data flow. Thus, ultimately, both services and sub-services are associated with the data. For example, a camera may be associated with video data and audio data, while video data may include both person-related data and person-unrelated data. Therefore, the classification criteria of the data in the method provided in the present application may be based on meeting the data access control policy, and the embodiment of the present application is not limited to the specific classification criteria.
In this application, from services (also referred to as features) to sub-services (also referred to as functions for supporting features) to data, a complex structure can be formed that expands from top to bottom in the OEM definition phase of the automotive system. Optionally, when the development of the automobile design is completed, the complex structure can be represented by a modeling file and then preset at the vehicle end. Optionally, when a service update is performed on the vehicle system through over-the-air (OTA) technology, the mapping relationship between the service, sub-service and data shown in the present application may also be updated. The system design model analysis module reads and parses the modeling file to generate an underlying machine representation that can be understood by the vehicle system. That is, the input of the system design model analysis module may be the modeling file shown above (i.e., the directed graph structure file corresponding to the services, sub-services and data shown above); the module then loads the modeling file into the vehicle system (e.g., into the in-memory database) and outputs executable control instructions (which may also be referred to as instructions or policies, etc.) that the vehicle system can understand. It is understood that the modeling files shown herein may also be understood as the data stream modeling files shown above.
In other words, in this application, the system design model analysis module may be provided with a top-down mapping of services, sub-services and data (the directed graph structure shown in fig. 4a below) during the OEM development phase. It is understood that when a service is referred to as a feature and a sub-service is referred to as a function, the top-down mapping relationship of features, functions, and data shown in this application may also be referred to as feature decomposition. By modeling the overall architecture of the system (which may also be referred to as a service, sub-service and data decomposition association architecture), a representation file from the top-level service to the bottom-level data (which may also be referred to as a representation file corresponding to the mapping relationship between the top-level service and the bottom-level data) is output. The data level may be a category of information with sufficiently small granularity, such as the road condition images required by a driving assistance service, or the account, password or face recognition metadata required by an account login service. It is understood that the present application is not limited to the granularity of data (which may also be understood as a classification criterion). For example, the granularity of the data may be set according to the requirements of the business scenario, or according to the requirements of laws and regulations, or autonomously by a developer, or the like.
Optionally, a hierarchical decomposition structure of the data (which may also be referred to as data decomposition) may also be provided to the system design model analysis module. The top layer (the user-oriented level may be referred to as the top layer) represents coarse-grained data directly collected by a sensor, such as the video data corresponding to a camera (which may also include the images and sounds shown in fig. 6 below). By decomposing the coarse-grained data acquired by sensors layer by layer, a directed graph structure similar to that of services, sub-services, and data can be obtained. As shown in fig. 6, the lower the layer, the finer the data classification; the data at the bottom layer corresponds to the lowest granularity of the services, sub-services and data, and indicates the minimum data range, i.e., the atomic data type, required to complete a service or sub-service. For example, the data 1 and the data 2 corresponding to the image shown in fig. 6 may be understood as data corresponding to the sub-service 1 and the sub-service 2 included in the service 1, and the data 3 and the data 4 corresponding to the sound may be understood as data corresponding to the sub-service 2 and the sub-service 3 included in the service 2.
User configuration analysis module: this module interfaces with the vehicle owner or an authorized user, who configures the in-vehicle data during the vehicle usage stage through a mobile phone app, a vehicle cloud service management interface (portal), or the vehicle's central control. At this point the vehicle has been delivered to the user, and the user should be allowed to understand the data processing conditions within the vehicle and to configure the data access control policy within the vehicle through some mechanism. The input to the user configuration analysis module is typically a setting instruction on a user interface (UI), and by processing the setting instruction the module can output a control instruction (which may also be referred to as a structured system configuration) that can be understood by the vehicle system.
Policy mapping module: takes the output of the system design model analysis module and the output of the user configuration analysis module as input, so that the data is processed according to the method provided by the application. For example, the policy mapping module may generate a data access control policy based on the representation file of the relationships among services, sub-services and data, together with the setting instruction, thereby tying the data access control policy to the overall vehicle design logic and ensuring that it takes effect within the vehicle system. The data access control policy described in the present application may be understood as processing related data (e.g. processing first data) according to a mapping relationship between a service and a sub-service, a mapping relationship between a sub-service and data, and a setting instruction input by a user. For example, attribute information of data is configured according to a setting instruction. For another example, a sub-service related to a service is invoked according to a setting instruction, or data related to a sub-service is invoked.
It will be appreciated that the names of the above modules are merely examples, and the specific names of the above modules are not limited in the embodiments of the present application.
Fig. 3 is a flow chart of a data access control method according to an embodiment of the present application. The method may be applied to a system as shown in fig. 1a or 1b or 2, for example, the method may be applied to a vehicle. The vehicle may be an automobile or other form of motor vehicle. By way of example, the vehicle may be in the form of a car, bus, truck, agricultural vehicle, recreational vehicle, game car in amusement parks, or the like. Alternatively, the method provided in the present application may also be applied to a domain controller or ECU in a vehicle, etc., and the present application is not limited to the specific form of the vehicle.
Before describing the method shown in fig. 3, the following describes in detail the relationships among services, sub-services, and data to which the present application relates.
Fig. 4a is a schematic diagram of a relationship between a service, a sub-service and data according to an embodiment of the present application. As shown in fig. 4a, for example, the terminal device includes service A, service B, and service C; service A includes sub-service a and sub-service b, service B includes sub-service b and sub-service c, and service C includes sub-service d and sub-service e. The sub-service that service A shares with service B is sub-service b. The sub-services corresponding to service A are completely different from the sub-services corresponding to service C. It is understood that the relationship of the individual services or sub-services illustrated in fig. 4a is merely an example and should not be construed as limiting the embodiments of the present application. It can be understood that the embodiment of the present application is not limited to the number of services and the number of sub-services corresponding to the services shown in fig. 4a.
For example, if service A is a video monitoring service, multiple sub-services are needed to support the 360-degree look-around service; for example, sub-service a may be an image capturing sub-service, and sub-service b may be a voice capturing sub-service. Service B is a navigation service and sub-service c is a radar analysis sub-service. For example, the image acquisition sub-service may be implemented by an image acquisition sensor, the voice acquisition sub-service may be implemented by a voice acquisition sensor, and the radar analysis sub-service may be implemented by a radar sensor. It is to be understood that the relationship between sensors and sub-services shown herein is merely an example and should not be construed as limiting the present application. That is, the implementation of service B may depend on the radar analysis sub-service and the voice acquisition sub-service. By way of example, service C may be an emergency call service.
For example, the data corresponding to sub-service a may include data 1 and data 2. For example, the data corresponding to the image acquisition sub-service may include license plate data, user data or road condition data and the like. The data corresponding to sub-service b may include data 2 and data 3. For example, the data corresponding to the voice acquisition sub-service may include user data or noise data, etc. The data corresponding to sub-service c may include data 3 and data 4. For example, the data corresponding to the radar analysis sub-service may include user data, historical navigation data, map data, and the like. The data corresponding to sub-service d includes data 5 and the data corresponding to sub-service e includes data 6. It will be appreciated that the sub-services will correspond to different data due to the different types of data. Accordingly, embodiments of the present application are not limited to a particular type or classification criteria of data. The specific type (also referred to as category) or classification criteria of the data may be set according to the requirements of the business scenario, or according to the requirements of the OEM, or according to legal regulations, etc., which are not limited in the embodiments of the present application.
It will be appreciated that the arrows shown in fig. 4a may indicate that a service includes one or more sub-services, each of which corresponds to a plurality of different types of data.
Fig. 4b is a schematic diagram of a relationship between a service, a sub-service and data according to an embodiment of the present application. Read from bottom to top, the arrows shown in fig. 4b indicate that data 1 is included in the data corresponding to sub-service a; data 2 is included in the data corresponding to sub-service a and in the data corresponding to sub-service b; and data 3 is included in the data corresponding to sub-service b and in the data corresponding to sub-service c. Sub-service a and sub-service b are included in the sub-services corresponding to service A, and sub-service b also corresponds to service B. Sub-service c is included in the sub-services corresponding to service B, or it may be understood that sub-service c corresponds to service B. It will be understood that, for fig. 4a and fig. 4b, the mapping relationship between the service, the sub-service and the data shown in the present application may be a mapping relationship from top to bottom, or may be an inclusion relationship from bottom to top, so the connection lines without arrows in the drawings shown below represent the relationship between the service, the sub-service and the data. It will be appreciated that the same applies to the illustration shown in fig. 7.
By way of example, the input setup layer shown in fig. 4b may be understood as carrying user input in the user configuration analysis module within the vehicle system. For example, the user may input a setting instruction through the input setup layer. As another example, the user may set service A and/or service B. The vehicle system, such as a domain controller or ECU, invokes a sub-service corresponding to the service based on the relationship between the service and the sub-service (which may also be referred to as the sub-service access control policy shown in fig. 4b). That is, based on the setting instruction input by the user, the vehicle system may call the sub-service corresponding to the service (i.e., the service indicated by the setting instruction). The vehicle system may also configure attribute information of the data. That is, by receiving a setting instruction and invoking a sub-service, configuration of data can be achieved. Meanwhile, the use permission of the data can be configured by configuring the attribute information of the data.
Based on the platform whole vehicle architecture design, complex and diverse data in the vehicle are converged into an application program interface (application programming interface, API) or sub-service according to the functional design for service call. The policy mapping module can determine whether the data is allowed to be accessed or prohibited to be accessed according to the setting instruction received by the user configuration analysis module and the mapping relation among the service, the sub-service and the data output by the system design model analysis module.
By way of example, take data 2 shown in fig. 4b, as shown in fig. 4c. The check mark indicates that service A allows access and the cross mark indicates that service B prohibits access; the dotted line portion indicates that data 2 is not allowed to flow in the direction of data 2, sub-service b, and the solid line portion indicates that data 2 is allowed to flow in the direction of data 2, sub-service a, service A. When service A is called, the corresponding sub-service a is also allowed to be accessed, and the data 2 corresponding to sub-service a is allowed to be accessed. When service B is invoked, data 2 cannot be accessed through the sub-service b corresponding to service B. Optionally, when service A is invoked, the corresponding sub-service b may be allowed to be accessed, and the data 2 corresponding to sub-service b may be allowed to be accessed.
It is understood that the relationships between services, sub-services, and data shown above are merely examples. The method provided by the application is also applicable to the relation between the service and the data. For example, sub-services may not be included in fig. 4a to 4c. Alternatively, one or more of the services of fig. 4a to 4c do not include sub-services.
As shown in fig. 3, the data access control method provided in the present application includes:
In one possible implementation, the method shown in fig. 3 includes step 301 and step 302.
301. The OEM server determines configuration information including a correspondence of the first service and the first data.
Optionally, the configuration information further includes attribute information of the first data, where the attribute information of the first data is used to determine access rights of the first data. The attribute information of the first data shown in the embodiment of the present application may be understood as follows: when the server issues the configuration information, the configuration information includes an attribute of the data corresponding to the service; or, put differently, the attribute information of the data corresponding to the service that is included in the configuration information is an initial value. It is to be understood that the server may set an initial value for attribute information of the data, or the attribute information may be set to reserved or the like, which is not limited in the embodiment of the present application. For example, the vehicle may configure a specific value or a specific assignment of the attribute information of the first data according to the setting instruction.
The configuration information shown in the embodiments of the present application may be understood as a mapping relationship (may also be referred to as a correspondence relationship or a configuration relationship, etc.) between services and sub-services as shown in fig. 4a and/or fig. 4c, and a mapping relationship between sub-services and data.
Illustratively, the OEM server may receive configuration information entered (or understood as user-configured) by a user (e.g., OEM developer). For another example, the OEM server may automatically generate the configuration information. For example, the OEM server may classify sub-services corresponding to implementing a certain service and data used by the sub-services to form configuration information. It will be appreciated that embodiments of the present application are not limited in terms of the method by which the OEM server determines the configuration information.
302. The OEM server sends the configuration information to the vehicle. Accordingly, the vehicle receives the configuration information sent by the OEM server.
The embodiments of the present application are not limited to a particular form in which the OEM transmits the configuration information. For example, the OEM may send the configuration information to the vehicle in the form of a table. For another example, the OEM may send the configuration information to the vehicle in the form of a structured modeling file (e.g., in the form of XML or in the form of JSON, etc.).
303. The vehicle receives a setting instruction, wherein the setting instruction is a setting instruction aiming at a first interface, the first interface is used for indicating a first service, and the first interface corresponds to attribute information.
For example, the vehicle may receive a setting instruction input by a user (e.g., a driver or a passenger, etc.), that is, a setting instruction input by the user for the first interface. The first interface is used for indicating a first service; for example, the vehicle can configure attribute information of the first data according to the attribute information corresponding to the first interface. Optionally, the setting instruction may be used to set whether access to the first interface is allowed. For example, the setting instruction may be used to set the first service indicated by the first interface as allowed to be accessed. For another example, the setting instruction may be used to set the first service indicated by the first interface as not allowed to be accessed (which may also be referred to as denied). For example, the vehicle may configure attribute information of the first data according to the attribute information corresponding to the first interface and the setting instruction.
The first interface and attribute information corresponding to the first interface shown in the embodiment of the present application are described in detail below.
The first interface is an interface of a first service.
By way of example, the first service may include one or more of a 360-degree look-around service, a sentinel service, an autopilot service, a driver assistance service, an autopilot service, a remote control service (e.g., a remote see service or a remote monitor service), a navigation service, a guest-mode service, and the like. The attribute information corresponding to the first service includes one or more of an identification attribute, a time attribute, a location attribute, an operation state attribute of the vehicle, or a surrounding environment attribute. For example, the attribute information corresponding to the first service may be set by the vehicle when leaving the factory, or may also be set according to the service requirement, or may be set by a developer in the OEM development stage, or the like, which is not limited in the embodiment of the present application.
For example, the identity attribute may be understood as an identity corresponding to the first service when the first service is accessed. The identification may include one or more of account information, biometric information, or an unlock pattern. For example, account information may be understood as an account number that a user can log on to when accessing a first service. As another example, biometric information may be understood as fingerprint features, iris features, facial features, etc. that can be used when unlocking a vehicle. For another example, the unlock pattern may be understood as a pattern that can be used when unlocking the vehicle. Optionally, when the attribute information corresponding to the first service includes an identity attribute, the vehicle may configure the identity attribute of the first data according to the identity corresponding to the first service. The identity corresponding to the first service may be the same as or different from the identity of the first data, which is not limited in this embodiment of the present application. By configuring the identity attribute of the first data, the user with the corresponding identity can be ensured to access the first data. It can be appreciated that the identity identifier shown in the embodiment of the present application includes the account information, the biometric information, and the unlocking pattern described above is only an example, and the embodiment of the present application is not limited to the specific type of the identity identifier.
By way of example, a time attribute may be understood as a time at which access to the first service is allowed, or a time at which access to the first service is denied (which may also be referred to as access inhibition). Illustratively, the time attribute may be distinguished by an example of an on-time and an off-time; alternatively, the time corresponding to the time attribute may be set by the user; alternatively, the time corresponding to the time attribute may be set by a system, or the like, which is not limited in the embodiment of the present application. For example, the user set time may include 00:00 to 08:00 and 19:00 to 24:00 refusal to access the first service, 08:00 to 19:00 allowing access to the first service. For another example, the user-set time may include 09:00 to 21:00 refusal to access the first service, and the remaining time may access the first service. Alternatively, when the attribute information corresponding to the first service includes a time attribute, the vehicle may configure the time attribute of the first data according to the time attribute corresponding to the first service. For example, the time at which the first data is allowed to be accessed is configured according to the time at which the first service is allowed to be accessed. For another example, the time to deny access to the first data is configured according to a time to deny access to the first service.
By way of example, a location attribute may be understood as a location that allows access to the first service or a location that denies access to the first service. Optionally, when the attribute information corresponding to the first service includes a location attribute, the vehicle may configure a location attribute allowing use of the first data (which may also be referred to as a location attribute allowing access to the first data) according to the location attribute corresponding to the first service. Illustratively, the operating state attribute represents an operating state of the vehicle. The operating state may include, for example, one or more of a gear engaged state (which may also be referred to as a shift state), a park state, a drive state, or a P-gear state. For example, if the operating state is the gear engaged state, the first service is allowed to be accessed (or is prohibited from being accessed), and the data corresponding to the first service is also allowed to be accessed (or is prohibited from being accessed). For example, the operating state is a drive state, the first service is a video audio service, and the first service is prohibited from being accessed. Illustratively, the ambient environment attribute represents the environment in which the vehicle is located. For example, the surrounding environment may include urban or suburban areas, etc., which is just an example. For example, suburban areas carry a smaller risk in terms of personal data collection density than urban areas, so certain services may allow access.
It can be understood that each attribute shown above is only an example, and the method for setting the attribute and the type of the attribute corresponding to the first service in the embodiment of the present application are not limited. For example, the attribute information corresponding to the first service may also include access permission or access prohibition. When the first service allows access, the attribute information of the data is set as access permission or access prohibition according to the mapping relation between the service and the data. Or setting the attribute information of the sub-service as access permission according to the mapping relation between the service, the sub-service and the data, and setting the attribute information of the data as access permission or access prohibition. It will be appreciated that the following applies equally to the description of the attributes.
By the method provided by the embodiment of the application, the user does not need to set different attributes of the data one by one, but the vehicle can obtain the attribute information corresponding to the first service through the setting of the user for the first service, so that the attribute information of the data corresponding to the first service is set.
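The flow of steps 301 to 303 and the fig. 4c decision for data 2, shown as an added Python example that is not part of the patent text. The JSON layout, the field names (`services`, `sub_services`, `allowed`, `deny_windows`), the function names, the default-deny rule for unconfigured paths and the half-open time windows are all assumptions made for illustration.

```python
import json

# Constructed configuration information (steps 301-302), following fig. 4a.
# The JSON layout is an assumption; the patent only says "XML or JSON".
CONFIG_JSON = """
{
  "services": {"A": ["a", "b"], "B": ["b", "c"], "C": ["d", "e"]},
  "sub_services": {"a": ["data1", "data2"], "b": ["data2", "data3"],
                   "c": ["data3", "data4"], "d": ["data5"], "e": ["data6"]}
}
"""


def load_model(text):
    """Parse the modelling file and reject dangling sub-service references."""
    cfg = json.loads(text)
    services, subs = cfg["services"], cfg["sub_services"]
    for svc, names in services.items():
        for sub in names:
            if sub not in subs:
                raise ValueError(f"service {svc!r} uses unknown sub-service {sub!r}")
    return services, subs


def to_minutes(hhmm):
    """'19:00' -> 1140. '24:00' is accepted so a window can end at midnight."""
    h, m = (int(part) for part in hhmm.split(":"))
    if not (0 <= m < 60 and (0 <= h < 24 or (h == 24 and m == 0))):
        raise ValueError(f"invalid time {hhmm!r}")
    return h * 60 + m


def parse_window(spec):
    """'00:00-08:00' -> (0, 480), treated as the half-open range [start, end)."""
    start, end = (to_minutes(part) for part in spec.split("-"))
    if start >= end:
        raise ValueError(f"empty or wrapping window {spec!r}")
    return start, end


def apply_setting(model, attrs, instruction):
    """Step 303: one setting on a service interface is copied onto every
    (service, sub-service, data) path below it, so the user never has to
    configure the data items one by one."""
    services, subs = model
    svc = instruction["service"]
    if svc not in services:
        raise KeyError(f"unknown service {svc!r}")
    attr = {
        "allowed": bool(instruction["allowed"]),
        "deny": [parse_window(w) for w in instruction.get("deny_windows", [])],
    }
    for sub in services[svc]:
        for data in subs[sub]:
            attrs[(svc, sub, data)] = attr
    return attrs


def may_access(attrs, svc, sub, data, hhmm):
    """Decide one data flow. Paths never configured are denied (assumption)."""
    attr = attrs.get((svc, sub, data))
    if attr is None or not attr["allowed"]:
        return False
    now = to_minutes(hhmm)
    return not any(start <= now < end for start, end in attr["deny"])


def demo():
    model = load_model(CONFIG_JSON)
    attrs = {}
    # Service A allowed, with the refusal windows quoted in the time-attribute text.
    apply_setting(model, attrs, {"service": "A", "allowed": True,
                                 "deny_windows": ["00:00-08:00", "19:00-24:00"]})
    # Service B prohibited, as in fig. 4c.
    apply_setting(model, attrs, {"service": "B", "allowed": False})
    return {
        "A/a/data2@10:00": may_access(attrs, "A", "a", "data2", "10:00"),
        "A/a/data2@19:00": may_access(attrs, "A", "a", "data2", "19:00"),
        "A/b/data2@10:00": may_access(attrs, "A", "b", "data2", "10:00"),
        "B/b/data2@10:00": may_access(attrs, "B", "b", "data2", "10:00"),
        "C/d/data5@10:00": may_access(attrs, "C", "d", "data5", "10:00"),
    }


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(path, "allow" if allowed else "deny")
```

Keying the attribute by the whole path rather than by the data item alone is what lets data 2 be readable through service A while the same data stays blocked through service B.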
Optionally, the 360-degree look-around services may include a first 360-degree look-around service, a second 360-degree look-around service, and a third 360-degree look-around service. Illustratively, the first 360-degree look-around service, the second 360-degree look-around service, and the third 360-degree look-around service differ in at least one attribute. For the description of the attributes, reference is made to the above description, which is not repeated here. For example, the 360-degree look-around service may cover different vehicle usage scenarios: the first 360-degree look-around service may be a service used by the vehicle owner during non-working hours, the second 360-degree look-around service may be a service used by the vehicle owner during working hours, and the third 360-degree look-around service may be a service used by other users. It is understood that the different classification methods for a certain service are only examples; for example, the 360-degree look-around service may further include a fourth 360-degree look-around service, a fifth 360-degree look-around service, and the like, which are not limited in the embodiments of the present application. It is understood that for different classifications of other services, reference may be made to the description of the 360-degree look-around services, and embodiments of the present application are not limited. For example, the navigation service includes a first navigation service, a second navigation service, a third navigation service, and the like. At least one attribute of the first navigation service, the second navigation service and the third navigation service is different.
In the embodiment of the invention, the same service is further subdivided into the services with different attributes, so that the configuration of the attribute information of the data corresponding to the first service can be realized through the configuration of the first service, and the configuration efficiency is effectively improved.
It can be understood that, through the first service shown in the embodiments of the present application, the vehicle may set attribute information of data corresponding to the first service according to a mapping relationship among the service, the sub-service, and the data, so as to determine access rights of the data corresponding to the first service. It can be understood that the above is shown by taking the mapping relationship from service to sub-service and the mapping relationship from sub-service to data as an example, and the embodiments of the present application are applicable to the relationship between sub-service and data. That is, when the services shown above are not included, the sub-services shown in the embodiments of the present application can also be understood as services.
The first service may also be illustratively differentiated according to the different categories of data. For example, the first service includes an image service, a voice service, and the like. Alternatively, the first service further comprises a text service. In this case, the vehicle may set attribute information of the data corresponding to the first service according to the mapping relationship between the service and the data, thereby determining access rights of the data corresponding to the first service. Optionally, in this case, the vehicle may further set attribute information of the sub-service and the service corresponding to the data according to the mapping relationship among the data, the sub-service and the service.
The first service may also include, for example, one or more of a first image service, a second image service, a third image service, a first voice service, a second voice service, a third voice service, a first video service, a second video service, and the like. The first image service, the second image service and the third image service have at least one attribute different from each other. The first voice service, the second voice service, and the third voice service differ in at least one attribute. For example, the first image service is a face image and the second image service is a scenic image. It is understood that the different classification methods for the image service, the voice service or the video service are merely examples, and the image service may further include a fourth image service, a fifth image service, etc., which are not limited in the embodiments of the present application. It is understood that the first service may also include other types of services, including text services, and the like, and embodiments of the present application are not limited.
In the embodiment of the application, by further subdividing the services with different attributes by taking images, voice, videos and the like as granularity, the configuration of the attribute information of the data corresponding to the first service can be realized through the configuration of the first service, and the configuration efficiency is effectively improved.
It may be appreciated that the first service shown in the embodiments of the present application is only an example, and the embodiments of the present application do not limit the specific type or classification criteria of the first service. For example, the first service may be understood as a user-oriented service. As another example, the first service may also be understood as a service displayed through a display screen of the vehicle.
The second interface and the first interface are interfaces of a vehicle use scene.
Exemplary vehicle usage scenarios include private home scenarios, commercial vehicle scenarios, shared scenarios, ride scenarios, and the like. A private home scenario indicates that data in a vehicle is only available to members within the family (optionally, between different family members in this scenario, data may be shared, a configuration may be shared, or the operational rights to the data may be kept consistent). The sub-services and data types involved in a commercial vehicle scenario are specialized, so customization needs to be considered in the data access control scheme. For example, the mapping relationship between services, sub-services, and data may be different from other scenarios. As another example, different permissions may be configured for different data. Users of vehicles in a shared scenario (e.g., including a vehicle rental shared scenario) may change often, so that, for example, in-vehicle data needs to be bound to the user's identity. It is understood that for the description of the driving scenario, reference may be made to the shared scenario, which is not repeated here. It is understood that the embodiments of the present application do not limit other types or classifications of vehicle usage scenarios.
Illustratively, the vehicle usage scenario includes a first scenario, a second scenario, a third scenario, and so on. The first scenario, the second scenario, and the third scenario differ in at least one of the following: identity, time of use, location of use, operational status, or ambient environment.
In the case where the first interface is an interface of a vehicle usage scenario, the first interface is used to indicate the first service. For example, a vehicle usage scenario may bind services. For example, the private home scenario described above may bind a 360-degree looking-around service, an autopilot service, a navigation service, and the like. For another example, the first scenario described above may bind a navigation service, a remote control service, and so on.
It is to be understood that the above description of interfaces, properties, services, etc. is merely an example, and embodiments of the present application are not limited to other more types or examples.
304. The vehicle configures attribute information of first data according to attribute information corresponding to the first interface, wherein the attribute information of the first data is used for determining access rights of the first data, and the first data is contained in data corresponding to the first service.
In the embodiment of the application, the association relationship among the service, the sub-service and the data may be stored in the vehicle. For the relationships among the services, sub-services and data, reference may be made to the methods shown in fig. 2, fig. 4a, fig. 4b or fig. 4c, and will not be repeated here. The method for configuring the attribute information of the first data according to the setting instruction and the attribute information corresponding to the first interface by the vehicle may refer to the above, and will not be described in detail here. For example, taking fig. 4a as an example, if the first service is service a, the first data may be data 1, or the first data may also be data 1 and data 2. That is, the first data may represent data corresponding to the first service, or the first data may represent a part of data among the data corresponding to the first service.
In the embodiment of the application, the vehicle can determine the access right of the first data according to the attribute information of the first data. The attribute information of the first data includes one or more of an identification attribute, a time attribute, a location attribute, an operating state attribute of the vehicle, or a surrounding environment attribute, for example. For example, the attribute information of the first data includes an identification attribute, and the vehicle may determine whether to allow the vehicle owner to access the first data, whether to allow the non-vehicle owner to access the first data, whether to allow the home user to access the first data, or the like, according to the identification. For another example, the attribute information of the first data includes a time attribute, and if the time attribute of the first data is a working time, it indicates that the first data is allowed to be accessed at the working time. For example, the data corresponding to the first service further includes second data, where the time attribute of the second data is a non-working time, and it indicates that the first data may be allowed to be accessed during the non-working time. It may be appreciated that in the embodiment of the present application, the attribute information of the first data may include an identification attribute and a time attribute. In this case, if the identification attribute is the owner and the time attribute is the working time, it indicates that the owner can access the first data in the working time. It will be appreciated that the description of the attribute information may be referred to above and will not be described in detail here.
Optionally, configuring attribute information of the first data according to the setting instruction and attribute information corresponding to the first interface includes: configuring first attribute information of first data according to the setting instruction and the first attribute information corresponding to the first interface; or configuring the second attribute information of the first data according to the setting instruction and the second attribute information corresponding to the first interface.
The first attribute information corresponding to the first interface and the second attribute information corresponding to the first interface differ in at least one of the following:
identity attribute, time attribute, location attribute, run state attribute, and ambient environment attribute.
Accordingly, the first attribute information of the first data and the second attribute information of the first data are different from each other in at least any one of the following:
identity attribute, time attribute, location attribute, run state attribute, and ambient environment attribute.
For example, the first attribute information and the second attribute information may be different kinds of attribute information. For example, the first attribute information may include an identification attribute, a time attribute, and a location attribute, and the second attribute information may include an identification attribute and a time attribute. For another example, the first attribute information includes an identification attribute and the second attribute information includes a time attribute. For another example, the first attribute information includes an identification attribute, and the second attribute information includes an identification attribute, a time attribute, and a location attribute.
Illustratively, the difference between the first attribute information and the second attribute information may also be understood as a difference in the specific contents of the attribute information. For example, the first attribute information includes an identification attribute and a time attribute, the time attribute being working time, and the second attribute information includes an identification attribute and a time attribute, the time attribute being non-working time. For another example, the first attribute information includes an identification attribute, a time attribute and a location attribute, where the time attribute is working time and the identification attribute is an identification of the vehicle owner; the second attribute information includes an identification attribute and a time attribute, where the identification attribute is an identification of a non-vehicle owner and the time attribute is non-working time.
It is to be understood that the above description of the first attribute information and the second attribute information applies both to the first and second attribute information corresponding to the first interface and to the first and second attribute information of the first data.
In one possible implementation, the method shown in fig. 3 further includes:
the vehicle receives an access control request that carries attribute information, and the vehicle outputs data corresponding to the attribute information.
In the embodiment of the present application, the access control request carries the attribute information, so that the vehicle can output the data corresponding to the attribute information. By way of example, the attribute information carried by the access control request may include any one or more of the following: an identity, such as an identity of a user who needs to access data; a time attribute, such as a time attribute of data to be accessed; a location attribute, such as a location attribute of data to be accessed; an operational status attribute; surrounding environment attributes, etc.
Optionally, the access control request may further carry an access object, so that the vehicle may output corresponding data according to the access object and the attribute information carried in the access control request. For example, the access objects carried by the access control request are data 1 and data 2; the attribute information of data 1 matches the attribute information carried by the access control request, and the attribute information of data 2 does not match it, so the vehicle outputs only data 1, and access to data 2 is refused.
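The request handling described above can be sketched as follows. This is an added example, not code from the application: the class and function names, the attribute values, and the matching rule (every attribute configured on a data item must be satisfied by the request, and unconfigured data is refused) are assumptions.

```python
from dataclasses import dataclass, field

# Attribute kinds named in the text; the concrete values below are constructed.
ATTRIBUTE_KINDS = {"identity", "time", "location", "operating_state", "environment"}

# Constructed attribute store: data item -> {attribute kind: permitted values}.
STORE = {
    "data 1": {"identity": {"owner"}, "time": {"working"}},
    "data 2": {"identity": {"owner"}, "time": {"non-working"}},
    "data 3": {},  # never configured
}


@dataclass
class AccessControlRequest:
    attributes: dict                              # attribute info carried by the request
    objects: list = field(default_factory=list)   # optional access objects


def matches(data_attrs, request_attrs):
    """Assumed rule: each attribute configured on the data must appear in the
    request with a permitted value; extra request attributes are ignored."""
    if not data_attrs:
        return False  # data with no configured attributes is refused by default
    for kind, permitted in data_attrs.items():
        if kind not in ATTRIBUTE_KINDS:
            raise ValueError(f"unknown attribute kind: {kind}")
        # A request that omits a configured attribute yields None, which never matches.
        if request_attrs.get(kind) not in permitted:
            return False
    return True


def handle_request(store, request):
    """Return (granted, refused). Without access objects, every stored item is a candidate."""
    candidates = request.objects if request.objects else sorted(store)
    granted, refused = [], []
    for name in candidates:
        attrs = store.get(name)  # unknown objects are refused, not an error
        if attrs is not None and matches(attrs, request.attributes):
            granted.append(name)
        else:
            refused.append(name)
    return granted, refused


if __name__ == "__main__":
    request = AccessControlRequest({"identity": "owner", "time": "working"},
                                   ["data 1", "data 2"])
    print(handle_request(STORE, request))
```

A request that leaves out an attribute the data is configured with is refused rather than treated as a wildcard, which keeps a partially filled request from widening access.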
According to the method provided by the embodiments of the application, the different attribute information of the data corresponding to the first service can be configured through the configuration of the first service, so that the configuration efficiency of the data is effectively improved. By configuring different attribute information for the data, it can be ensured that the data is accessed only where access is permitted and is otherwise not accessed, which improves the security of the data.
The present application also supports a user in configuring data access control policies from the perspective of data categories (e.g., image categories or voice categories). Because information structures are complex, a single piece of data may include multiple different kinds of content. For example, the data captured by a camera includes two major types, video data and audio data, and video data is a combination of multiple pieces of image data. Taking roadside image data captured by a vehicle as an example, the image may include license plate information, pedestrian information, road condition information, and the like. From the standpoint of performance, achieving the desired effect does not always require all the information that a very coarse-grained piece of data can provide. For example, to judge road conditions, the license plate information captured by the vehicle-mounted camera and the face information of passers-by are unnecessary. Therefore, when the vehicle owner configures from the angle of the data category, the use of the data can be constrained toward the minimum necessary to a certain extent, which mitigates the problem of data leakage. By way of example, through the method shown in fig. 3, the user can constrain the access rights of data to the minimum by configuring the service, so that not only can the data configuration be completed efficiently, but the problem of data leakage is also mitigated and the security of the data is ensured.
In connection with the method shown in fig. 3, the present application supports a user in configuring the data access control policy from a service or sub-service perspective during the user configuration phase. Taking the configuration of services as an example: the services configured by the user are located starting from the top-level services, assuming that two services A and B are configured. With service A as the root, the whole architecture from root A to the leaves is extracted in full from the structure designed by the OEM. As exemplified in fig. 5a, the entire architecture from root A to the leaves can be represented as the architecture from service A to sub-service a and sub-service b, and on to data 1, data 2, and data 3. Since the architecture is a directed acyclic graph from a data structure perspective, the entire structure can be traversed using a graph traversal algorithm. For example, when the user sets "allow" for service A, each node traversed overrides its previous configuration with "allow"; when the user sets "reject" for service A, each node keeps its previous configuration. Illustratively, when a node has not been configured, the node may default to "reject". After the structure rooted at service A is traversed, the structure rooted at service B is traversed in the same manner.
As can be seen from the embodiments described above, the OEM development phase defines the complex data structure in which the final configuration result is output, and the user configuration phase passes the configuration through this structure from the user's perspective down to the data source control points. Finally, from the viewpoint of the underlying data, the access rights allowed by the different user configurations are obtained. These rights can be stored in the form of a long string of codes, and each time a data source receives a new access control request while the system is running, the access rights are determined by querying this string of codes. It is understood that the codes shown herein can be understood as codes corresponding to the attribute information of data configured by the vehicle. For example, the vehicle may store the attribute information of the configured first data in coded form, so that the access right is determined from the code upon receiving the access control request.
Fig. 5a is a schematic diagram of a configuration process provided in an embodiment of the present application. As shown in fig. 5a, allowing access is indicated by 1, and not allowing access is indicated by 0. For example, if user A sets service 1 to allow access, service 1 may be set to 1, as shown in fig. 5a. As another example, if user A sets service 2 to not allow access, service 2 may be set to 0, as shown in fig. 5a. It will be appreciated that, after user A sets service 1 and service 2, the vehicle may set sub-service 1 and sub-service 2, which correspond to service 1, to allow access, set data 1 and data 2, which correspond to sub-service 1, to allow access, and set data 2 and data 3, which correspond to sub-service 2, to allow access. It will be understood that the methods shown in fig. 5a and 5b are exemplified with one type of attribute information corresponding to a service and, likewise, one type of attribute information corresponding to the data of a service.
When there is an intersection between sub-services, or an intersection between data, a related operation may be used to determine the value, as shown in fig. 5b. For example, an AND operation may be used, or the principle of 1 covering 0 may be used, or an OR operation may be used, which is not limited in the embodiments of the present application. It will be appreciated that although the present application is illustrated with reference to fig. 5a and 5b, in actual use the vehicle may directly configure whether access to data is allowed in accordance with fig. 5b. Following the direction in which the configuration is passed down along the service decomposition, and the principle of 1 covering 0 (as an example only), the configuration result may be as shown in fig. 5b. Optionally, when the system is running and the vehicle system needs to determine whether a service can run normally, the result is converged upward from the underlying data layer. For example, the result of sub-service 1 is the result of the operation on 1 (data 1 is 1) and 1 (data 2 is 1), which is 1, so sub-service 1 is available. For another example, the result of service 2 is the result of the operation on 1 (e.g., sub-service 2 is set to 1) and 0 (e.g., sub-service 3 is set to 0), which is 0, so service 2 is not available. For another example, the result of service 1 is the result of the AND operation of sub-service 1 and sub-service 2, that is, of 1 and 1, which is 1, so service 1 is available. It can be appreciated that the embodiments of the present application are illustrated by taking service 1 and service 2 as examples; in a specific implementation, service 3, service 4, service 5, and the like may also be included, which are not described here again.
Illustratively, when the user does not configure whether access to service 3 (or service 4 or service 5) is allowed, then service 3 may be initially set to 0 (indicating that access is prohibited).
As shown in fig. 6, fig. 6 illustrates setting services such as image and sound by the number of users. It will be appreciated that reference may be made to the above embodiments as regards the configuration method, which is not described in detail here.
Illustratively, if user A sets 1 for image data and 0 for sound data, the configuration results of fig. 6 may be passed to the underlying data categories along the direction of data decomposition. For example, data 1 and data 2, which correspond to the image, are configured as 1, and data 3 and data 4, which correspond to the sound, are configured as 0. Optionally, the vehicle may configure the sub-services and the services according to the mapping relationship between the data and the sub-services and the mapping relationship between the sub-services and the services. For example, since data 1 and data 2 correspond to sub-service 1, sub-service 1 may be set to 1. Since data 3 and data 4 correspond to sub-service 3, sub-service 3 may be set to 0. Since data 2 is 1 and data 3 is 0, that is, data 2 is allowed access and data 3 is prohibited access, this indicates that sub-service 2 is not available in certain scenarios, and thus sub-service 2 may be set to 0 (indicating that access is limited or that sub-service 2 is not available in certain scenarios). That is, converging upward from the underlying data layer (e.g., to the sub-service or service), the result of sub-service 1 is the result of the operation of 1 and 1, i.e., 1 (indicating that sub-service 1 allows access, or that sub-service 1 is available, or that sub-service 1 is not limited in use). The result of service 2 is 0, indicating that service 2 is not available. The result of service 1 is the result of the AND operation of sub-service 1 and sub-service 2, i.e., the result of the operation of 1 and 0 is 0, indicating that service 1 is limited in use or that service 1 is not available in some scenarios.
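The two configuration directions described above, service-driven (fig. 5a and fig. 5b) and data-category-driven (fig. 6), can be sketched as follows. This is an added example, not code from the application: the hierarchy is reconstructed from the prose as an assumption because the figures are not reproduced here, and the function names are hypothetical.

```python
ALLOW, REJECT = 1, 0

# Assumed hierarchy (parent -> children), reconstructed from the text.
# It must be a directed acyclic graph.
CHILDREN = {
    "service 1": ["sub-service 1", "sub-service 2"],
    "service 2": ["sub-service 2", "sub-service 3"],
    "sub-service 1": ["data 1", "data 2"],
    "sub-service 2": ["data 2", "data 3"],
    "sub-service 3": ["data 3", "data 4"],
}
# Data-category view of the same leaves.
CATEGORIES = {"image": ["data 1", "data 2"], "sound": ["data 3", "data 4"]}


def all_nodes(children):
    nodes = set(children)
    for kids in children.values():
        nodes.update(kids)
    return nodes


def propagate_down(children, service_settings):
    """Top-down pass: 'allow' on a root overwrites every node reachable from it,
    'reject' leaves earlier values untouched (1 covers 0), and a node that was
    never configured stays at the default 'reject'."""
    config = {node: REJECT for node in all_nodes(children)}
    for root, value in service_settings.items():
        if root not in children:
            raise KeyError(f"unknown service: {root}")
        if value != ALLOW:
            continue  # reject: every node keeps its previous configuration
        stack, seen = [root], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            config[node] = ALLOW
            stack.extend(children.get(node, []))
    return config


def configure_by_category(children, categories, category_settings):
    """Data-category configuration: set the leaves directly, default 'reject'."""
    leaves = {n: REJECT for n in all_nodes(children) if n not in children}
    for category, value in category_settings.items():
        for data in categories[category]:
            leaves[data] = ALLOW if value == ALLOW else REJECT
    return leaves


def converge_up(children, leaf_config):
    """Bottom-up pass: a node is available only if all of its children are (AND)."""
    result, visiting = {}, set()

    def value(node):
        if node in result:
            return result[node]
        if node in visiting:
            raise ValueError(f"cycle at {node}: the hierarchy must be acyclic")
        visiting.add(node)
        kids = children.get(node)
        if kids:
            result[node] = ALLOW if all(value(k) == ALLOW for k in kids) else REJECT
        else:
            result[node] = ALLOW if leaf_config.get(node) == ALLOW else REJECT
        visiting.discard(node)
        return result[node]

    for node in all_nodes(children):
        value(node)
    return result


if __name__ == "__main__":
    down = propagate_down(CHILDREN, {"service 1": ALLOW, "service 2": REJECT})
    print(converge_up(CHILDREN, down))
    leaves = configure_by_category(CHILDREN, CATEGORIES, {"image": ALLOW, "sound": REJECT})
    print(converge_up(CHILDREN, leaves))
```

The cycle check matters when the hierarchy is replaced at runtime: a malformed mapping is rejected instead of being traversed.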
It will be appreciated that the configuration in the embodiments of the present application is simplified to 0 and 1 for ease of presentation; in particular embodiments, however, it may also be represented by longer encodings. For example, the encoding result may further include an identity (also referred to as account information), a time attribute, a location attribute, a vehicle usage scenario, etc., and the final service availability data should also be jointly determined in conjunction with the context.
It can be understood that the 0 and 1 configuration methods in fig. 5a to 5c and fig. 6 are only examples, and there may be multiple kinds of attribute information. Fig. 7 is a schematic diagram of a configuration procedure provided in an embodiment of the present application. It will be appreciated that the schematic diagram shown in fig. 7 can be understood as a mapping relationship between services and data. Alternatively, the schematic diagram shown in fig. 7 may also be understood as omitting sub-services. Alternatively, the schematic diagram shown in fig. 7 may be understood as being illustrated on the basis of the schematic diagram shown in fig. 6; for example, the remote monitoring and sentinel services may be equivalent to service 1 and service 2 shown in fig. 6, and the video outside the vehicle and the video inside the vehicle may be understood as different image types (or different video types, etc.) shown in fig. 6. However, the sub-services and data are omitted from the schematic diagram shown in fig. 7. For example, the first layer of fig. 7 may represent the owner account and the guest account, respectively, that is, the identities are different. The second layer may represent the settings of different users for different services; for example, the user corresponding to the owner account (e.g., user 1) sets remote monitoring and the sentinel service to allow access (e.g., 1) and allow access (e.g., 1), respectively. In another example, the user corresponding to the visitor account (e.g., user 2) sets remote monitoring and the sentinel service to prohibit access (e.g., 0) and prohibit access (e.g., 0), respectively. For example, the configuration result of remote monitoring may be 10, where the first bit in 10 indicates the configuration result of user 1 for remote monitoring, and the second bit indicates the configuration result of user 2 for remote monitoring.
For another example, the configuration result of the sentinel service may be 10, where the first bit in 10 indicates the configuration result of user 1 for the sentinel service, and the second bit indicates the configuration result of user 2 for the sentinel service. In the third layer, both remote monitoring and the sentinel service correspond to the data of the video outside the vehicle, and remote monitoring corresponds to the data of the video inside the vehicle. Thus, according to the configuration of user 1, the configuration result of the video outside the vehicle is 1010, where the first bit of 1010 represents the configuration result of user 1 for remote monitoring, the third bit represents the configuration result of user 1 for the sentinel service, the second bit represents the configuration result of user 2 for remote monitoring, and the fourth bit represents the configuration result of user 2 for the sentinel service. According to the configuration of user 2, the configuration result of the video inside the vehicle is 1000, where the first bit in 1000 represents the configuration result of user 1 for remote monitoring (i.e. access is allowed), and the second bit represents the configuration result of user 2 for remote monitoring (i.e. access is allowed). Since the sentinel service does not correspond to the video inside the vehicle, both the third and fourth bits may be configured to an initialized value, such as 0. It can be understood that the coding modes corresponding to the service and the data shown in fig. 7 are only examples, and the embodiments of the present application are not limited to this.
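The per-user bit encoding described for fig. 7, together with the code lookup performed when an access control request arrives, can be sketched as follows. This is an added example, not code from the application: the bit order (service-major, user-minor) follows the description above, while the function names and the handling of malformed codes are assumptions.

```python
# Order fixes the bit layout: for each service in turn, one bit per user.
USERS = ["user 1", "user 2"]                      # owner account, visitor account
SERVICES = ["remote monitoring", "sentinel service"]

# Which data each service uses, as described for the third layer of fig. 7.
SERVICE_DATA = {
    "remote monitoring": ["video outside the vehicle", "video inside the vehicle"],
    "sentinel service": ["video outside the vehicle"],
}

# Settings from the text: user 1 allows both services, user 2 prohibits both.
SETTINGS = {
    ("user 1", "remote monitoring"): 1,
    ("user 1", "sentinel service"): 1,
    ("user 2", "remote monitoring"): 0,
    ("user 2", "sentinel service"): 0,
}


def bit_index(user, service):
    """Position of the (user, service) bit inside a data-level code."""
    return SERVICES.index(service) * len(USERS) + USERS.index(user)


def encode_service(service, settings):
    """Second-layer code: one bit per user; a missing setting defaults to 0."""
    return "".join(str(settings.get((user, service), 0)) for user in USERS)


def encode_data(data, settings):
    """Third-layer code: a bit is 1 only if the service uses this data and the
    user allowed the service; every other bit keeps the initial value 0."""
    bits = []
    for service in SERVICES:
        uses_data = data in SERVICE_DATA[service]
        for user in USERS:
            allowed = uses_data and settings.get((user, service), 0) == 1
            bits.append("1" if allowed else "0")
    return "".join(bits)


def is_allowed(code, user, service):
    """Lookup at request time. Unknown users or services and malformed codes
    are refused rather than raising, so a corrupted code cannot grant access."""
    if user not in USERS or service not in SERVICES:
        return False
    if len(code) != len(USERS) * len(SERVICES) or set(code) - {"0", "1"}:
        return False
    return code[bit_index(user, service)] == "1"


if __name__ == "__main__":
    outside = encode_data("video outside the vehicle", SETTINGS)
    inside = encode_data("video inside the vehicle", SETTINGS)
    print(outside, inside)
    print(is_allowed(inside, "user 1", "sentinel service"))
```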
For the various embodiments shown above, the application provides a method for implementing various customized fine-grained personal data access policies and data controls in a whole vehicle in a vehicle system, supporting downward layer-by-layer decomposition and refinement of semantic level configurations of an input setting layer (such as setting instructions input by the input setting layer) into executable policies, and providing a general framework and implementation method independent of business processing contexts. The method provided by the application also has the following effects:
1. According to the method, the relationships among the service, the sub-service and the data are decoupled in a layered manner, or the preference configuration of the data category is decoupled from the business service logic, so that access control scenarios for data in the vehicle can be met; the data can include data generated by the vehicle or important data needing extra protection.
2. The method provided by the application can support various vehicle platform architectures, such as a modularized development platform (e.g. a vehicle-mounted digital platform) and the like. Illustratively, the OEM pre-configures (or defines) the hierarchy between services and data to implement the methods provided by embodiments of the present application. By way of example, control of protected data across the whole vehicle can be developed rapidly according to the predefined whole-vehicle global characteristics and the general configuration of the whole-vehicle global data sources.
3. The method provided by the application can also update the configuration file (such as the mapping relationship between the service and the sub-service and the mapping relationship between the sub-service and the data) through OTA upgrading, diagnosis or other methods, which may also be understood as updating the hierarchical division of the service, the sub-service and the data, or updating the hierarchical structure of the data classification, so that the updating of the service or the issuing of a dynamic compliance policy is realized, and the effect of protecting personalized experience or rapid compliance of the data is achieved.
4. According to the method, the data access control policy can be executed and the data configured according to the setting instruction; the user does not need to be overly aware of the internal policy conversion and the flow of control, or, in other words, the user can configure the data without excessive intervention.
The following will describe a communication device provided in an embodiment of the present application.
According to the method embodiments, the data access control device may be divided into functional modules; for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware or as software functional modules. It should be noted that the division of the modules in this application is illustrative and is merely a division by logical function; other division manners are possible in practice. The data access control apparatus of the embodiment of the present application will be described in detail below with reference to fig. 8 to 10.
Fig. 8 is a schematic structural diagram of a data access control device according to an embodiment of the present application. The apparatus may be used to perform the functions or steps performed by the vehicle as shown above, etc. As shown in fig. 8, the apparatus includes a receiving unit 801 and a processing unit 802. Optionally, the apparatus further comprises an output unit 803.
Illustratively, the receiving unit 801 is configured to receive a setting instruction, where the setting instruction is a setting instruction for a first interface, and the first interface is used to indicate a first service, and the first interface corresponds to attribute information;
the processing unit 802 is configured to configure attribute information of first data according to attribute information corresponding to the first interface, where the attribute information of the first data is used to determine access rights of the first data, and the first data is included in data corresponding to the first service.
Alternatively, the receiving unit 801 may receive a setting instruction through a display screen. For example, the user may input a setting instruction through the display screen, so that the receiving unit 801 receives the setting instruction.
It may be appreciated that in the embodiments of the present application, reference may be made to the method embodiments shown above for description of the relationship between the interface and the service, the relationship between the service and the data, the relationship between the service and the sub-service, the relationship between the sub-service and the data, the attribute information of the first data, and so on, and details will not be described here. For example, reference may be made to the method shown in fig. 3. For another example, reference may be made to fig. 4a to 4c. For another example, reference may be made to fig. 5a to 5c. For another example, reference may be made to fig. 6 or fig. 7, etc.
Illustratively, the receiving unit 801 is further configured to receive an access control request, where the access control request carries attribute information;
an output unit 803 for outputting data corresponding to the attribute information.
It is understood that the processing unit 802 may determine, according to the access control request and the attribute information of the data, the data corresponding to the attribute information carried by the access control request. It is to be understood that the output unit may output the data corresponding to the attribute information to another device, or may output the data corresponding to the attribute information from the processing unit to another processing unit in the vehicle system, or the like, which is not limited in the embodiment of the present application.
It is to be understood that the descriptions of the receiving unit 801, the processing unit 802, and the output unit 803 shown in the embodiments of the present application are merely examples, and reference may be made to the above-described method embodiments for specific functions or steps performed by the receiving unit 801, the processing unit 802, and the output unit 803, and so on, and will not be described in detail herein. For example, the receiving unit 801, the processing unit 802, and the output unit 803 may be disposed in different physical entities, respectively, or disposed in the same physical entity (e.g., a chip or an integrated circuit). For example, the processing unit 802 may be disposed at a domain controller or ECU. For another example, the receiving unit 801 may be disposed at other ECUs, or disposed at a transceiver. For another example, the output unit 803 may be disposed in the same physical entity as the processing unit 802, such as in a domain controller or ECU. For another example, the output unit 803 may be disposed in a different physical entity than the processing unit 802. For another example, the output unit 803 may be disposed at a transceiver. It will be appreciated that the product forms corresponding to the units shown above are merely examples, and the product forms of the units in the embodiments of the present application are not limited. It will be appreciated that the data access control device shown in fig. 10 below is merely an example and should not be construed as limiting the embodiments of the present application.
Fig. 9 is a schematic structural diagram of a data access control device according to an embodiment of the present application. The apparatus may be used to perform the functions or steps, etc., performed by the servers (including OEM servers and/or upgrade servers, etc.) shown above. As shown in fig. 9, the apparatus includes a processing unit 901 and a transmitting unit 902.
Illustratively, a processing unit 901 is configured to determine configuration information; a transmitting unit 902, configured to output the configuration information.
For example, the transmitting unit 902 may transmit the configuration information to the vehicle through the transceiver. For another example, the transmitting unit 902 may output the configuration information from the processing unit 901 through a communication interface (may also be referred to as an interface or a pin, etc.).
It may be appreciated that in the embodiments of the present application, the description of the configuration information may refer to the mapping relationship between the services and the sub-services shown above, and the description of the mapping relationship between the sub-services and the data, which are not described in detail herein. It will be appreciated that, for the description of the interface-to-service relationship, the service-to-data relationship, the service-to-sub-service relationship, the sub-service-to-data relationship, the attribute information of the first data, etc., reference may be made to the method embodiments shown above, and will not be described in detail herein. For example, reference may be made to the method shown in fig. 3. For another example, reference may be made to fig. 4a to 4c. For another example, reference may be made to fig. 5a to 5c. For another example, reference may be made to fig. 6 or fig. 7, etc.
It is to be understood that the descriptions of the processing unit 901 and the transmitting unit 902 shown in the embodiments of the present application are merely examples, and reference may be made to the above-described method embodiments for specific functions or steps performed by the processing unit 901 and the transmitting unit 902, and will not be described in detail herein. For example, the processing unit 901 and the transmitting unit 902 may be disposed in different physical entities, or disposed in the same physical entity (e.g., a chip or an integrated circuit). It is to be understood that, regarding the specific description of the processing unit 901 and the transmitting unit 902, reference may be made to the description shown in fig. 8, and a detailed description thereof will not be given here. It will be appreciated that the product forms corresponding to the units shown above are merely examples, and the product forms of the units in the embodiments of the present application are not limited. It will be appreciated that the data access control device shown in fig. 10 below is merely an example and should not be construed as limiting the embodiments of the present application.
Fig. 10 is a schematic structural diagram of a data access control device 100 according to an embodiment of the present application. For example, the data access control device shown in fig. 10 may be used to perform the functions or steps performed by the vehicle described above. The same fig. 10 also applies to the server: for example, the data access control device shown in fig. 10 may be used to perform the functions or steps performed by the server described above.
For example, the apparatus 100 may include at least one processor 1001 and a communication interface 1002. Optionally, a bus 1003 may also be included. Optionally, at least one memory 1004 may be included, wherein the processor 1001, the communication interface 1002, and the memory 1004 are connected by a bus 1003.
The processor 1001 is a module that performs arithmetic and/or logical operations, and specifically may be one or a combination of processing modules such as a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor unit (MPU), a domain controller, an ECU, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), and a complex programmable logic device (CPLD).
The communication interface 1002 is configured to receive data (including a setting instruction shown in the present application) transmitted from the outside and/or transmit data to the outside, and may be a wired link interface including an ethernet cable or the like, or may be a wireless link (Wi-Fi, bluetooth, general wireless transmission, or the like) interface. Optionally, the communication interface 1002 may also include a transmitter (e.g., radio frequency transmitter, antenna, etc.) or receiver, etc., coupled to the interface.
The memory 1004 is used to provide a storage space, where data such as an operating system and a computer program may be stored. The memory 1601 may be one or a combination of a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a compact disc read-only memory (CD-ROM), etc.
The processor 1001 in the apparatus 100 is arranged to read a computer program stored in said memory 1004 for performing the aforementioned data access control method, such as the method described in fig. 3.
The embodiment of the application also provides a chip system, which comprises at least one processor and a communication interface, wherein the communication interface is used for inputting and/or outputting data, and the at least one processor is used for calling a computer program stored in at least one memory, so that a device where the chip system is located can realize the method of the OEM server or the vehicle in the embodiment shown in fig. 3.
Illustratively, when the chip system is used to implement a function or step performed by the vehicle, the communication interface is used to input a setting instruction; and a processor for configuring attribute information of the first data according to the setting instruction.
Illustratively, when the system-on-chip is used to implement a function or step performed by the server, the processor is configured to determine the configuration information, and the communication interface is configured to output the configuration information.
Further, the at least one processor may be one or more of CPU, GPU, MPU, ASIC, FPGA, CPLD, a coprocessor (assisting a central processing unit in performing corresponding processing and applications), an MCU, and the like.
Embodiments of the present application also provide a wireless communication system that includes a vehicle and a server that may be used to perform the method of any of the foregoing embodiments (e.g., fig. 3).
Furthermore, the present application also provides a computer program for implementing the operations and/or processes performed by the vehicle in the methods provided herein.
The present application also provides a computer program for implementing the operations and/or processes performed by the server in the methods provided herein.
The present application also provides a computer readable storage medium having computer code stored therein, which when run on a computer causes the computer to perform the operations and/or processes performed by the vehicle in the methods provided herein.
The present application also provides a computer readable storage medium having computer code stored therein, which when run on a computer causes the computer to perform the operations and/or processes performed by the server in the methods provided herein.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes operations and/or processes performed by a vehicle in the methods provided herein to be performed.
The present application also provides a computer program product comprising computer code or a computer program which, when run on a computer, causes operations and/or processes performed by a server in the methods provided herein to be performed.
When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application may be implemented in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted across a computer-readable storage medium. The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more servers, data centers, etc. that can be integrated with the available medium. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
The steps in the method embodiments of the application can be reordered, combined, or deleted according to actual needs.
The modules in the apparatus embodiments of the application can be combined, divided, or deleted according to actual needs.
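The flow described above (configuration information mapping services to sub-services to data, a setting instruction for an interface that configures the attribute information of that data, and an access control request resolved against it) can be sketched as follows. This is an added example, not code from the application: the interface and data names, the "any one configured policy must match" rule for data shared by overlapping sub-services, and the default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed configuration information, as a server might send it to the vehicle.
# Interface and data names are hypothetical; service and sub-service kinds follow the claims.
CONFIG = {
    "interfaces": {"sentinel_switch": "sentinel", "look_around_switch": "look_around_360"},
    "services": {
        "sentinel": ["image_acquisition", "radar_analysis"],
        "look_around_360": ["image_acquisition"],  # partially overlaps with sentinel
        "navigation": ["voice_acquisition"],
    },
    "sub_service_data": {
        "image_acquisition": ["camera_frames"],
        "radar_analysis": ["radar_tracks"],
        "voice_acquisition": ["cabin_audio"],
    },
}
ATTRIBUTE_KINDS = {"identity", "time", "location", "run_state", "ambient_environment"}


@dataclass
class VehicleAccessControl:
    config: dict
    # data name -> {interface name -> attribute information configured through it}
    data_attrs: dict = field(default_factory=dict)

    def data_for_interface(self, interface):
        """Resolve interface -> service -> sub-services -> data (KeyError if unknown)."""
        service = self.config["interfaces"][interface]
        data = []
        for sub in self.config["services"][service]:
            for item in self.config["sub_service_data"].get(sub, []):
                if item not in data:
                    data.append(item)
        return data

    def apply_setting(self, interface, attrs):
        """Handle a setting instruction: copy the interface's attribute information
        onto every data item of the service that the interface indicates."""
        if not attrs or set(attrs) - ATTRIBUTE_KINDS:
            # Empty attribute information would match every request, so fail closed.
            raise ValueError("attribute information is empty or has unknown kinds")
        policy = {kind: frozenset(allowed) for kind, allowed in attrs.items()}
        configured = self.data_for_interface(interface)
        for item in configured:
            self.data_attrs.setdefault(item, {})[interface] = policy
        return configured

    def resolve_request(self, request_attrs):
        """Return the data whose attribute information matches the request.
        Assumption: one fully matching policy is enough; unconfigured data is denied."""
        granted = []
        for item, policies in self.data_attrs.items():
            if any(
                all(request_attrs.get(kind) in allowed for kind, allowed in p.items())
                for p in policies.values()
            ):
                granted.append(item)
        return sorted(granted)


def demo():
    """Two setting instructions on interfaces whose services share a sub-service."""
    acl = VehicleAccessControl(CONFIG)
    acl.apply_setting("sentinel_switch",
                      {"identity": {"owner"}, "run_state": {"parked"}})
    acl.apply_setting("look_around_switch",
                      {"identity": {"owner", "driver"}, "run_state": {"low_speed"}})
    return acl


if __name__ == "__main__":
    acl = demo()
    print(acl.resolve_request({"identity": "owner", "run_state": "parked"}))
    print(acl.resolve_request({"identity": "driver", "run_state": "low_speed"}))
```

Because `camera_frames` belongs to a sub-service shared by both services, it ends up with two policies, while `radar_tracks` is reachable only under the sentinel conditions and `cabin_audio`, never configured, is never returned.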

Claims (38)

  1. A method of data access control, the method comprising:
    receiving a setting instruction, wherein the setting instruction is a setting instruction aiming at a first interface, the first interface is used for indicating a first service, and the first interface corresponds to attribute information;
    and configuring attribute information of first data according to the attribute information corresponding to the first interface, wherein the attribute information of the first data is used for determining access rights of the first data, and the first data is contained in the data corresponding to the first service.
  2. The method according to claim 1, wherein the method further comprises:
    acquiring configuration information, wherein the configuration information comprises a corresponding relation between the first service and the first data;
    the configuring the attribute information of the first data according to the attribute information corresponding to the first interface includes:
    and configuring the attribute information of the first data according to the attribute information corresponding to the first interface and the configuration information.
  3. The method according to claim 1 or 2, wherein the first service comprises a first sub-service and/or a second sub-service, and the data corresponding to the first sub-service and/or the second sub-service comprises the first data.
  4. A method according to any of claims 1-3, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service, or wherein the sub-service corresponding to the first service partially overlaps with the sub-service corresponding to the second service.
  5. The method of claim 4, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service by at least any one of:
    an image acquisition sub-service, a voice acquisition sub-service or a radar analysis sub-service.
  6. The method according to any one of claims 1-5, wherein configuring attribute information of the first data according to attribute information corresponding to the first interface includes:
    configuring first attribute information of the first data according to the setting instruction and the first attribute information corresponding to the first interface; or,
    and configuring second attribute information of the first data according to the setting instruction and the second attribute information corresponding to the first interface.
  7. The method of claim 6, wherein the first attribute information of the first data and the second attribute information of the first data are different from at least any one of:
    identity attributes, time attributes, location attributes, run state attributes, or ambient environment attributes.
  8. The method of any of claims 1-7, wherein the setup instruction is a setup instruction for a first interface, comprising: the set instruction is a set instruction for the first service.
  9. The method of any of claims 1-8, wherein the first service comprises any one or more of:
    360 look-around service, sentinel service, autopilot service, assisted drive service, autopilot service, remote control service, navigation service, or guest mode service.
  10. The method of any of claims 1-8, wherein the first service comprises any one or more of:
    image service, sound service, text service.
  11. The method of any of claims 1-7, wherein the first interface is an interface for a vehicle usage scenario to which the first service is bound, the first interface corresponding to attribute information comprising: the vehicle use scene carries the attribute information.
  12. The method of claim 11, wherein the vehicle use scenario comprises any one or more of:
    a first scene, a second scene, and a third scene.
  13. The method of claim 12, wherein the first scene, the second scene, or the third scene differ in at least one of the following properties:
    identity attribute, time attribute, location attribute, run state attribute, and ambient environment attribute.
  14. A method of data access control, the method comprising:
    determining configuration information, wherein the configuration information comprises a corresponding relation between a first service and first data and attribute information of the first data, the attribute information of the first data is used for determining access rights of the first data, and the first data is contained in data corresponding to the first service;
    and sending the configuration information to the vehicle.
  15. The method of claim 14, wherein the first service comprises a first sub-service and/or a second sub-service, and wherein the data corresponding to the first sub-service and/or the second sub-service comprises the first data.
  16. The method of claim 14 or 15, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service, or wherein the sub-service corresponding to the first service partially overlaps with the sub-service corresponding to the second service.
  17. The method of claim 16, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service by at least any one of:
    an image acquisition sub-service, a voice acquisition sub-service or a radar analysis sub-service.
  18. A data access control apparatus, the apparatus comprising:
    the device comprises a receiving unit, a first interface and a second interface, wherein the receiving unit is used for receiving a setting instruction, the setting instruction is a setting instruction aiming at the first interface, the first interface is used for indicating a first service, and the first interface corresponds to attribute information;
    the processing unit is used for configuring attribute information of first data according to the attribute information corresponding to the first interface, wherein the attribute information of the first data is used for determining access authority of the first data, and the first data is contained in the data corresponding to the first service.
  19. The apparatus of claim 18, wherein the device comprises a plurality of sensors,
    the processing unit is further configured to obtain configuration information, where the configuration information includes a correspondence between the first service and the first data; and configuring attribute information of the first data according to the attribute information corresponding to the first interface and the configuration information.
  20. The apparatus according to claim 18 or 19, wherein the first service comprises a first sub-service and/or a second sub-service, and wherein the data corresponding to the first sub-service and/or the second sub-service comprises the first data.
  21. The apparatus according to any of claims 18-20, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service, or wherein the sub-service corresponding to the first service partially overlaps with the sub-service corresponding to the second service.
  22. The apparatus of claim 21, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service by at least any one of:
    an image acquisition sub-service, a voice acquisition sub-service or a radar analysis sub-service.
  23. The device according to any one of claims 18 to 22, wherein,
    the processing unit is specifically configured to configure first attribute information of the first data according to the setting instruction and the first attribute information corresponding to the first interface; or,
    the processing unit is specifically configured to configure second attribute information of the first data according to the setting instruction and the second attribute information corresponding to the first interface.
  24. The apparatus of claim 23, wherein the first attribute information of the first data and the second attribute information of the first data are different in at least any one of:
    identity attributes, time attributes, location attributes, run state attributes, or ambient environment attributes.
  25. The apparatus of any of claims 18-24, wherein the setup instruction is a setup instruction for a first interface, comprising: the set instruction is a set instruction for the first service.
  26. The apparatus of any of claims 18-25, wherein the first service comprises any one or more of:
    360 look-around service, sentinel service, autopilot service, assisted drive service, autopilot service, remote control service, navigation service, or guest mode service.
  27. The apparatus of any of claims 18-25, wherein the first service comprises any one or more of:
    image service, sound service, text service.
  28. The apparatus of any of claims 18-24, wherein the first interface is an interface for a vehicle usage scenario to which the first service is bound, the first interface corresponding to attribute information comprising: the vehicle use scene carries the attribute information.
  29. The apparatus of claim 28, wherein the vehicle use scenario comprises any one or more of:
    a first scene, a second scene, and a third scene.
  30. The apparatus of claim 29, wherein the first scene, the second scene, or the third scene differ in at least one of:
    identity attribute, time attribute, location attribute, run state attribute, and ambient environment attribute.
  31. A data access control apparatus, the apparatus comprising:
    the processing unit is used for determining configuration information, wherein the configuration information comprises a corresponding relation between a first service and first data and attribute information of the first data, the attribute information of the first data is used for determining access rights of the first data, and the first data is contained in data corresponding to the first service;
    and the transmitting unit is used for transmitting the configuration information to the vehicle.
  32. The apparatus of claim 31, wherein the first service comprises a first sub-service and/or a second sub-service, and wherein data corresponding to the first sub-service and/or the second sub-service comprises the first data.
  33. The apparatus of claim 31 or 32, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service or the sub-service corresponding to the first service partially overlaps with the sub-service corresponding to the second service.
  34. The apparatus of claim 33, wherein the sub-service corresponding to the first service is different from the sub-service corresponding to the second service by at least any one of:
    an image acquisition sub-service, a voice acquisition sub-service or a radar analysis sub-service.
  35. A data access control device, characterized in that it comprises at least one processor and a communication interface for inputting and/or outputting data, said at least one processor being adapted to invoke a computer program stored in at least one memory, to cause the data access control device to implement the method according to any of claims 1-13; or to cause the data access control apparatus to implement the method of any one of claims 14-17.
  36. A data access control system comprising a server and a vehicle, wherein:
    the vehicle is adapted to perform the method of any one of claims 1-13;
    the server is adapted to perform the method of any of claims 14-17.
  37. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when run on one or more processors, implements the method according to any of claims 1-13; alternatively, the method of any of claims 14-17 is implemented.
  38. A computer program product, characterized in that it implements the method according to any of claims 1-13 when run on one or more processors; alternatively, the method of any of claims 14-17 is implemented.
CN202180098785.9A 2021-05-31 2021-05-31 Data access control method and device Pending CN117441320A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/097479 WO2022252078A1 (en) 2021-05-31 2021-05-31 Data access control method and device

Publications (1)

Publication Number Publication Date
CN117441320A true CN117441320A (en) 2024-01-23

Family

ID=84322668

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202180098785.9A Pending CN117441320A (en) 2021-05-31 2021-05-31 Data access control method and device

Country Status (2)

Country Link
CN (1) CN117441320A (en)
WO (1) WO2022252078A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10848498B2 (en) * 2018-08-13 2020-11-24 Capital One Services, Llc Systems and methods for dynamic granular access permissions
CN109829287A (en) * 2018-11-20 2019-05-31 新疆福禄网络科技有限公司 Api interface permission access method, equipment, storage medium and device
CN112104603B (en) * 2020-08-06 2023-11-14 华人运通(江苏)技术有限公司 Access authority control method, device and system of vehicle interface

Also Published As

Publication number Publication date
WO2022252078A1 (en) 2022-12-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination